In this post, I will provide an in-depth technical analysis of an application that portrays itself as TikTok Pro but is in fact dangerous spyware. APK Metadata Malware sample: here MD5: 9fed52ee7312e...
Darkcrystal
In this post, I will provide an in-depth technical analysis of Dark Crystal RAT, a backdoor written in C#. File Metadata Malware sample: here MD5: b478d340a787b85e086cc951d0696cb1 SHA256: 8d...
Cookiethief Malware Analysis
In this post, I will provide an in-depth technical analysis of a malicious android application that steals cookies from the browser and sends them to a C2 server. APK Metadata Malware sample: he...
Free Followers (Ransomware)
In this post, I will provide an in-depth technical analysis of the malicious Android application known as “Free Followers,” specifically focusing on its ransomware functionality. APK Metadata Ma...
UMDCTF Writeups
Below are my write-ups for the Pokeball Escape and Bleep challenges that were part of UMDCTF 2023. Pokeball Escape After decompiling the Pokeball Escape application using JADX, we get the follo...
Conti Ransomware
Overview Packed Sample: https://bazaar.abuse.ch/sample/03b9c7a3b73f15dfc2dcb0b74f3e971fdda7d1d1e2010c6d1861043f90a2fecd/ Unpacked Sample: https://bazaar.abuse.ch/sample/d3c75c5bc4ae087d547bd722...
Reversing WarZone Rat
Description WarZone is a Remote Access Trojan (RAT) that is sold on a publicly available website, as a Malware-as-a-Service. MD5: 48FF98ED6AE74DA9C1FEF59B40699BAE SHA256: 4537FAB9DE768A668AB4E72A...
Welkerme
Attachments: welkerme.tar.gz, compress.sh First of all, let’s have a look at the source code of the driver. #include <linux/cdev.h> #include <linux/fs.h> #include <linux/kernel.h...
Strvscstr
Attachments: chall, main.cpp So, this was an interesting C++ pwn challenge from Cake CTF. This was the first time I tried my hand at C++ pwning. First of all, let’s have a look at the secu...
REvil Ransomware
REvil, also known as Sodinokibi, is a powerful ransomware family that encrypts files. It uses advanced encryption techniques and can operate without a connection to its command-and-control servers. So, let’s get started ...